Community discussions

 
prawira
Member Candidate
Member Candidate
Topic Author
Posts: 270
Joined: Fri Feb 10, 2006 5:11 am

winbox exploit

Sat Jul 28, 2018 8:20 am

hi everyone,

just found this video on youtube https://youtu.be/h6JSNFhQUN8

and this link regarding the above video https://github.com/BigNerd95/WinboxExploit

questions, will next version of RoS will be able to protect us (as customers) from outsider who use the above tools to mess-up our routers ?

thank you

P
Last edited by prawira on Wed Aug 01, 2018 10:14 am, edited 1 time in total.
 
mistry7
Forum Veteran
Forum Veteran
Posts: 759
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: winbox exploit

Sat Jul 28, 2018 8:28 am

Fixes for this are avaible for more then a month
 
User avatar
vecernik87
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Nov 10, 2017 8:19 am

Re: winbox exploit

Sat Jul 28, 2018 9:01 am

Firstly, outsider should never have access to your management port. There should be no port 22,23,80,443,8291 opened to other than your computer.
Secondly, this is several months old - it was disclosed on end of April and fix was released within couple of days for both Bugfix and Current release tree. Just couple of weeks ago some kiddo released public script so now, you and many others are panicking because you never cared about security till now. (if you care, you would have proper firewall and you would update your device months ago)
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1544
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: winbox exploit

Sat Jul 28, 2018 1:11 pm

OMG ... next topic about winbox problem ...

@Prawira ... have you checked forum for this problem? Have you tried this http://bfy.tw/J9pW before posting?
Real admins use real keyboards.
 
mkx
Member
Member
Posts: 379
Joined: Thu Mar 03, 2016 10:23 pm

Re: winbox exploit

Sat Jul 28, 2018 2:05 pm

What's worse about @prawira's post is that page, linked as second link in OPs post, has all information about exploit (including fixed version of ROS) as well as basic instructions about how to protect router...

Sigh.
BR,
Metod
 
User avatar
vecernik87
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Nov 10, 2017 8:19 am

Re: winbox exploit

Sat Jul 28, 2018 3:44 pm

Actually, thanks to this script (Earlier I saw different not-that-complete version) I realized that there is hidden caveat to currently recommended "set your firewall" - MAC winbox does ignores the IP firewall (obviously you cant use L3 feature to filter L2 communication). That however means, that even with perfect firewall, people would be vulnerable, if their MAC Winbox is listening on any interface...
Dang.. I am sure several of my devices are incorrectly set up...

Even silly post can bring some good in the end :)
 
mkx
Member
Member
Posts: 379
Joined: Thu Mar 03, 2016 10:23 pm

Re: winbox exploit

Sat Jul 28, 2018 4:44 pm

I guess that MAC Winbox is slightly harder to exploit as attacker would need direct L2 sccess. That's either from ISPs core infrastructure or from your own LAN. Then it all depends on how much you can trust both your ISP and your LAN users.

But then again, it's better to over-protect your boxes.
BR,
Metod
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 346
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada
Contact:

Re: winbox exploit

Sat Jul 28, 2018 8:59 pm

That's actually an excellent point. By default, you should NOT trust internal users. If they're honest, then great. Otherwise, plan for the worst.

Sent from Tapatalk

___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
prawira
Member Candidate
Member Candidate
Topic Author
Posts: 270
Joined: Fri Feb 10, 2006 5:11 am

Re: winbox exploit

Thu Aug 02, 2018 10:50 am

dear all,

thank for all of your responses please accept my apologize for the delay.

i do know about the bug-fix upgrade that mention about vulnerability of previous versions, but never see the example of problem before.
honestly, i just see the proof of the mentioned vulnerability couple days ago and get big shock cause of that.

one of you said that i HAVE TO upgrade to the latest version but not for me. as we all know, mikrotik engineers always fix bug A but than bug B come up.

the story is...
+ we got tthe brand new CRS328-24P-4SRM with ROS 6.41 installed since a month ago.
+ we put this new CRS as replacement of our old CRS as this new unit has poe-out features.
+ our installation has vlan tagged on bridges (formally switch) and all of them run fine so far.
+ as soon as this unit upgraded into the last version (6.42.6), all of our vlan tagged does not run.
so it push us to return into the original version

NOTE: this CRS does not allow me to downgrade into 6.40 as the factory version is 6.41

cheers

P
Last edited by prawira on Thu Aug 02, 2018 12:09 pm, edited 1 time in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 23344
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: winbox exploit

Thu Aug 02, 2018 10:54 am

Well it's up to you. Be afraid to upgrade because there might be some unknown bug, or risk your network being hacked. Not really a tough choice actually.
No answer to your question? How to write posts
 
prawira
Member Candidate
Member Candidate
Topic Author
Posts: 270
Joined: Fri Feb 10, 2006 5:11 am

Re: winbox exploit

Thu Aug 02, 2018 12:11 pm

well...
the function we need are working great on 6.41; has not try on 6.42-6.42.5 yet...
but when we do upgrade to 6.42.6 as the latest current version, the function are broken

P
 
mrtester
just joined
Posts: 9
Joined: Sat Dec 23, 2017 11:09 pm

Re: winbox exploit

Thu Aug 02, 2018 12:17 pm

Not sure if this hacker is good or bad. Lets see if on the next step he will upgrade routers or reset their configuration :D

Who is online

Users browsing this forum: No registered users and 23 guests